Challenging Some of the Myths About Static Code Analysis

Overview: Why Static Code Analysis?

Static code analysis, or SCA, can be described as the analysis of whole-program source code without the execution of that program. A number of interpretations and even misconceptions about this technology and how it impacts or benefits you, the developer, have emerged over time. You may have heard some of them yourself.

Thankfully, there is also a lot of information about the many benefits SCA provides, from faster project execution, to better source code at check-in, to less costly development cycles and shorter time-to-market. At Klocwork, that's certainly the page we're on. We make SCA tools that are extremely valuable to developers, helping you identify and fix source code security vulnerabilities, defects, standards violations or other issues early in the development process - in our case, on your desktop, while you're writing your code.

To help tell the right story, we put this paper together to dispel some of the 'myths' about SCA, myths that serve mostly to distort the true value static analysis can bring to you and your software development lifecycle (SDLC).